This month I did something that is a rite of passage for anyone in InfoSec: I attended my first “Con”, Circle City in Indianapolis, a Security Convention that is about the community and largely attended by … hackers.
Let’s clear up a big misconception. The hackers I know are definitely not this stereotype found ad nauseum. Yes, there are hackers who choose to attack our systems, steal data, and threaten our security. But there’s a whole other group out there who are also hackers, and in the constructive definition of the term. They “hack” to understand and improve the code and technology we use everyday; they test networks and programs, finding weaknesses and vulnerable points we need to defend from the attackers. Highly skilled and naturally curious, they understand our systems better than we understand ourselves. They know what can go wrong because they know how it can be broken, and that prevention is the best fix.
Cons offer a major venue to present new research and discoveries, and to discuss theories about a fascinating range of topics that impact Information Security. There are a variety, in different flavours, with varying appeal. And they happen throughout the year. Every year in August, Las Vegas hosts DEF CON, a massive hacker event, alongside the more corporate Blackhat, and BSidesLV, from the popular local BSides series encouraging novice through expert. We have some in Canada, but the cost of admission and travel are big factors for attendance. When I asked what first Con should be, Circle City was the resounding choice. Smaller, new (this was its second year and very successful), it would be well-attended by people I knew, and feature a diverse mix of classes and talks.
To say this was an incredible learning opportunity would be an understatement. There was a constant exchange of information happening on and offline. I felt like I was back in university- in a very good way- as we worked together in small groups to resolve a given problem and then present to the class. And there I was, sitting and working with some of the smartest, most interesting people I have ever met, who made me feel welcome and invited my contributions. It was truly a privilege.
The best connections however, aren’t plugged into the network, but those made within the network of attendees. This is a community. There is an open camaraderie as folks who spend most of the year connecting online enjoy this opportunity to connect face to face. Attendees wear t-shirts from the past cons they’ve attended. Badges on lanyards denote speakers, participants, staff, and trainers. Tattoos are a walking montage of art and personal expression. Some describe themselves as introverts, but at these Cons they are among friends, accepted and welcomed. And then there are the parties, when hackers come out to play and the fun lasts all night long. A series of artful DJs delivered a wicked sound and light show as a wish-list of arcade games beckoned and we talked until we lost our voices. Yes, Alice, welcome to InfoSec!
Closing ceremonies may be worth missing at some conventions, but I’m glad I stayed to take it all in. It was all good fun watching prizes bestowed on heartily enthusiastic winners. Raffle tickets were sold in handfuls to keen attendees, for a range of prizes including an extraordinary quilt made by one of the members, the intricate pattern actually an encrypted message. Recognition and thanks were sincerely given to those who had given so much. And then there was moment that brought many of us to tears, as a fellow hacker fighting cancer was welcomed on stage, and the story about bringing him to the Con was told. This really is a community.
I’m so glad I fell down this rabbit hole to InfoSec. I started following paths on Twitter, which is an incredible repository of access points for up to the minute security developments, detailed research, knowledgeable blog posts, and of course, people with whom to connect. Now my kids regulate my screen time and tweets. Had you told me a couple years ago that I’d sit in on a talk about digital forensics and devour every word of it, I would have called you crazy. Instead, you can call me Alice, because InfoSec has become my Wonderland of learning and discovery. Welcome to my excellent InfoSec adventure. I can’t wait for what comes next – in Vegas!